Skip to Content
Information
Important

This documentation space contains information about PATROL Agents when deployed in a BMC Helix Operations Management environment. If you are a TrueSight Operations Management user, see PATROL Agent 24.3.01

Configuring ​BMC Helix Vault Adapter​

After installing the BMC Helix Vault Adapter, you must configure the Vault Adapter so that it can perform the following tasks:

  • Connect to the enterprise vault (for example, BeyondTrust)
  • Communicate with BMC Helix Operations Management for API key validation.

To configure BMC Helix Vault Adapter to connect to BMC Helix Operations Management

  1. In the Vault Adapter installation directory, open the application.properties file at the following location:
    • Windows: C:\Program Files\BMC Software\VaultAdapter\config\application.properties
    • Linux: /opt/bmc/vaultadapter/config/application.properties
  2. Specify the BMC Helix Operations Management tenant URL that corresponds to the PATROL Agent connecting to the BMC Helix Vault Adapter, as shown below:bhom.server.url=https://<tenant>.bmc.com
  3. Save the application.properties file.

  4. Restart the BMC Vault Adapter service.

To configure BMC Helix Vault Adapter to connect to the enterprise BeyondTrust vault

  1. After you install the BMC Helix Vault Adapter, navigate to its installation directory:
    • Windows: C:\Program Files\BMC Software\VaultAdapter\config\
    • Linux: /opt/bmc/vaultadapter/config/
  2. Open the beyondtrust.properties file and enter the following details that are provided by the vault administrator:
    1. In the beyondtrust.url property, specify the URL for the BeyondTrust vault server.
    2. In the beyondtrust.api_key property, enter the API key.
    3. In the beyondtrust.uername property, enter the BeyondTrust user name.
    4. In the beyondtrust.password property, enter the BeyondTrust password.
  3. Save the application.properties file. 
  4. Restart the BMC Vault Adapter service.
    After you restart the Vault Adapter service, sensitive values such as the API key and password are automatically encrypted in this application.properties file. The BMC Helix Vault Adapter uses these settings to authenticate with the BeyondTrust vault and retrieve credentials for remote monitored systems.
Information
Using credentials in monitor policies with the Vault Adapter

When the Vault Adapter is enabled, Username and Password fields in monitor policies (for example, Windows Remote Monitoring) are handled differently to support secure, vault‑based credential retrieval. 

  • Username field: Enter the username of the remote host that needs to be monitored. This user name must already be registered in BeyondTrust Vault.
  • Password field: Enter the value in the format vault: <username>\<systemname>. Make sure that the prefix vault: is included.

For example, if the user name of the remote system in the BeyondTrust vault is remoteuserABC and the system name is remoteHostXYZ, the password should be: vault:remoteuserABC\remoteHostXYZ.

This format ties the credentials to a specific remote host being monitored. The above configuration represents one of several remote hosts that can be set up for remote monitoring. For information about configuring additional remote hosts, refer to the specific remote monitoring knowledge module documentation.

PATROL Agent uses the values provided in the Username and Password fields to query the Vault Adapter with the correct username and system name. The Vault Adapter then retrieves the actual password securely from the vault and supplies it to the PATROL Agent at runtime.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC PATROL Agent for BMC Helix Operations Management 26.2